Описание
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the search_path safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or update. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Отчет
In Red Hat Gluster Storage 3, PostgreSQL was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Quarkus | postgresql | Not affected | ||
| Red Hat Decision Manager 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 8 | libpq | Not affected | ||
| Red Hat Enterprise Linux 9 | postgresql | Not affected | ||
| Red Hat Fuse 7 | postgresql | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
7.1 High
CVSS3
Связанные уязвимости
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
It was found that some PostgreSQL extensions did not use search_path s ...
7.1 High
CVSS3